Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-26217

Опубликовано: 16 нояб. 2020
Источник: debian

Описание

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libxstream-javafixed1.4.14-1package

Примечания

  • https://x-stream.github.io/CVE-2020-26217.html

  • https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2

  • https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a

Связанные уязвимости

ubuntu логотип

CVE-2020-26217

CVSS3: 8
ubuntu
около 5 лет назад

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

redhat логотип

CVE-2020-26217

CVSS3: 9
redhat
около 5 лет назад

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

nvd логотип

CVE-2020-26217

CVSS3: 8
nvd
около 5 лет назад

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

github логотип

GHSA-mw36-7c6c-q4q2

CVSS3: 8
github
около 5 лет назад

XStream can be used for Remote Code Execution

oracle-oval логотип

ELSA-2021-0162

oracle-oval
около 5 лет назад

ELSA-2021-0162: xstream security update (IMPORTANT)